Chargement...
Passer au contenu

Business ServicePortal

Data Loss Prevention Endpoint Vulnerability Resolved
 

(23/06/2017)


AFFECTED SOFTWARE
  • Data Loss Prevention Endpoint Extension 10.0.x
REMEDIATED/PATCHED VERSIONS
The vulnerability is remediated in these versions:
  • Data Loss Prevention Extension 11.0.x and newer.  
IMPACT
  • CVE-2017-3948 (CVSS 4.6 / 4.2 Severity:Medium) Multiple Stored Cross Site Scripting (XSS) in IMG Tags in the ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) 10.0.x allows authenticated users to inject arbitrary web script or HTML via injecting malicious JavaScript into a user’s browsing session.
RECOMMENDATION
McAfee recommends that all customers verify that they have applied the latest updates. Impacted users should install the relevant patches or hotfixes. For full instructions and information, see Knowledge Base article SB10202, McAfee Security Bulletin: DLP ePO extension update fixes CROSS SITE SCRIPTING (XSS) vulnerability (https://kc.mcafee.com/corporate/index?page=content&id=SB10202)

SNS Weekly Roundup (June 20)
 

Endpoint Security for Mac 10.2.2 Hotfix 119105 Now Available
 

McAfee Endpoint Security 10.5.1 Hotfix 2 has been removed from our download sites
 

End of Chat Support on June 16, 2017
 

End of Life for SIEM Generation 4 Hardware
 

Recording Available for Malware Session: Ransom-WannaCry
 

SNS DOMAIN CHANGE
 

Welcome to the ServicePortal